A Request For Google’s Webmaster Tools – Fight spamlink hacking head-on

For at least the last six months, one of my blogs has been hacked and I didn’t know about it. For all I know, it is still hacked.

As Aaron Wall pointed out over at SEO Blog, there is a sophisticated new method of link cloaking that hackers are using where only GoogleBot sees the hacker’s spammy xanax links.

I had guessed that my site was hacked around last August because the site was de-indexed from Google. However, I went to Google’s webmaster tools at the time to look at “What Google Sees” and didn’t see any spammy keywords. Then, I checked all the files on my webserver and didn’t find any obvious changes. Then I scanned the database for common spam hacker tactics. Nothing. So as a last resort, I simply deleted all the WP files off the server and re-installed a fresh installation of WP.

In the past, this methodology has solved all my spamhacks. But not this time. And to this day I still don’t know if I’ve solved the problem. What I do know is that the site has actually been hacked because now when I go to Webmaster Tools “What Google Sees” and look at the cache of pages on my site, I see lots of spammy phrases.

So, 6 months later, I’ve gone ahead and rechecked everything. I’ve run the Exploit Scanner plugin and it doesn’t see a problem. I’ve looked through the theme files, including functions.php and still don’t see the issue.

What makes the problem especially tough to identify is the cloaking aspect. Because it’s impossible to test whether you’ve fixed the issue in real time. Instead, you are left waiting for the next time Google caches a page on your site.

So here’s the request for Google’s Webmaster Tools…

Let’s tackle spamlink hacking head on. Let’s make Webmaster Central’s Webmaster Tools really, really useful by meeting these specs:

  • Provide immediate email notifications if spamlink hacking is detected on a site.
  • Because of the cloaking issue, allow a webmaster to request an immediate site review (just like you do for initial site authentication)
  • Provide webmasters a robust toolkit of actions that they can take to remove the specific spamlink hack that’s detected on their site.

The fact of the matter is that spamlink hacking has gotten too sophisticated for even the average webmaster to keep up with. With widely distributed CMS software like WordPress and sophisticated attack methods, web security is not as simple as it used to be. It’s time for Google to help us out. And this post is my plea for help

6 thoughts on “A Request For Google’s Webmaster Tools – Fight spamlink hacking head-on

  1. Did a upright thing. But currently most of the sites are hacked by many hackers we have to aware about it and have to protect our’s from hacking. Nowadays so many tricks are available to avoid hacking but what the use of that, the hackers even break out that too.

  2. One of the best things you can do is to post in the Google Webmaster Help forum at http://www.google.com/support/forum/p/Webmasters/ — the guys there are pretty good at catching hacks (even if they’re cloaking) and there are a bunch of Googlers that keep track of the posts there. The important part is including your site’s URL. Post the link to your thread there and I’ll take a quick look.

    I agree that being able to look at a site the way Google would see it would be a good tool to have.

  3. MikeE

    That does not provide immediate feedback. So no, it’s not an easy test and requires that you wait until the next time google has cached your site.

  4. Ryan, you can easily test if it’s solved or not. Run the following query in Google:

    site: viagra OR cialis OR levitra OR Phentermine OR Xanax

    (or whatever spammy keywords you’re looking for).

    Alternatively, do a search for any web page on your site, and look at the cached version – this is the version Google sees, so you can tell whether it’s been cached or not.

    Patrick over at BlogStorm has a great post on how to use Google Alerts to automate the process:


    Helped me loads when my site got hacked.

Comments are closed.